Clustering attacker behavior reveals hidden patterns

Credit to Author: Andrew Brandt| Date: Tue, 08 Aug 2023 10:00:11 +0000

A collection of very specific behaviors, observed by Sophos X-Ops incident response analysts in the lead-up to four separate ransomware attacks in the first quarter of 2023, indicates an unexpected connection between the attacks. In the parlance of the Managed Detection and Response (MDR) team, the peculiarly similar details constitute a threat activity cluster that […]

Read more

Microsoft Revokes Malicious Drivers in Patch Tuesday Culling

Credit to Author: Andrew Brandt| Date: Tue, 11 Jul 2023 17:20:38 +0000

In December 2022, Microsoft published their monthly Windows Update packages that included an advisory about malicious drivers, signed by Microsoft and other code-signing authorities, that Sophos X-Ops (and others) observed threat actors abusing during attacks. Today, Microsoft issued Security Advisory ADV230001 as part of their July Windows Update that addresses Sophos’ discovery of more than […]

Read more